A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. An attacker could connect to the nbdkit service and cause it to perform a large amount of work in initializing backend plugins, by simply opening a connection to the service. This vulnerability could cause resource consumption and degradation of service in nbdkit, depending on the plugins configured on the server-side.
{
"unresolved_ranges": [
{
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*"
],
"vendor_product": "redhat:enterprise_linux",
"extracted_events": [
{
"introduced": "8.0"
},
{
"last_affected": "8.0"
},
{
"introduced": "8.0"
},
{
"last_affected": "8.0"
}
],
"source": "CPE_STRING"
},
{
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "7.0"
},
{
"last_affected": "7.0"
}
],
"vendor_product": "redhat:enterprise_linux_server",
"source": "CPE_STRING"
},
{
"cpes": [
"cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*"
],
"vendor_product": "redhat:virtualization",
"extracted_events": [
{
"introduced": "4.0"
},
{
"last_affected": "4.0"
}
],
"source": "CPE_STRING"
}
]
}{
"cpe": "cpe:2.3:a:nbdkit_project:nbdkit:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "1.12.7"
},
{
"introduced": "1.15.0"
},
{
"fixed": "1.15.1"
},
{
"introduced": "1.14.0"
},
{
"fixed": "1.14.1"
}
],
"source": "CPE_RANGE"
}